<?php
include 'header.inc.php';
require 'db.inc.php';
//include 'auth.inc.php';
//require 'output_functions.inc.php';

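/*
 * Open the database connection used by the rest of this page.
 * The MYSQL_* constants are expected to come from db.inc.php (required above).
 * Driver error text is written to the server log rather than echoed to the
 * visitor: a raw mysql_error() string can reveal host, user and schema details.
 */
$db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD);
if (!$db) {
    error_log('DoctorDoc: mysql_connect failed: ' . mysql_error());
    die('Unable to connect. Check your connection parameters.');
}

if (!mysql_select_db(MYSQL_DB, $db)) {
    error_log('DoctorDoc: mysql_select_db failed: ' . mysql_error($db));
    die('Unable to select the database.');
}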


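if (!isset($_SESSION['logged'])) {
    /* Anonymous visitor: show the login form. transact_user.php handles the POST. */
    echo '
<h1>Member Login</h1>
<form method="post" action="transact_user.php">
 <table>
  <tr>
   <td><label for="email">Email Address:</label></td>
   <td><input type="text" id="email" name="email" maxlength="100"/></td>
  </tr><tr>
   <td><label for="password">Password:</label></td>
   <td><input type="password" id="password" name="password" maxlength="20"/></td>
  </tr><tr>
   <td> </td>
   <td><input type="submit" name="action" value="Login"/></td>
  </tr>
 </table>
</form>
<p>Not a member yet? <a href="'.$manageAcc_link.'">Create a new account!</a></p>
<p><a href="forgot_password.php">Forgot your password?</a></p> ';

} else {
    /*
     * Logged-in home page.
     * Session values (name, access_level) and POST values (Submit, ID) originate
     * outside this script: read them through isset() so a missing key yields a
     * defined default instead of a notice, and pass them through htmlspecialchars()
     * before they are written into HTML.
     * NOTE(review): assumes the page is served as UTF-8 -- confirm in header.inc.php.
     */
    $userName    = isset($_SESSION['name']) ? $_SESSION['name'] : '';
    $accessLevel = isset($_SESSION['access_level']) ? (int) $_SESSION['access_level'] : 0;
    $submit      = isset($_POST['Submit']) ? $_POST['Submit'] : '';
    $changeID    = isset($_POST['ID']) ? $_POST['ID'] : '';

    echo '<h1>Welcome ' . htmlspecialchars($userName, ENT_QUOTES, 'UTF-8') . '!</h1>';

    /* Change review table: only users above access level 1 may see and act on it. */
    if ($accessLevel > 1) {
        echo '<h2>Changes</h2>';
        /* The ID is used in several WHERE clauses below; escape it once, on this connection. */
        $escapedID = mysql_real_escape_string($changeID, $db);

        if ($submit == 'Accept' || $submit == 'Ignore') {
            /*
             * Accept executes the SQL stored for the change; Ignore just discards it.
             * Either way the row is removed from `changes` afterwards, but only when
             * nothing failed -- so the flag must start as false (it used to be left
             * undefined, which only happened to read as "no error").
             * NOTE(review): these POSTs modify data but the forms below carry no
             * anti-CSRF token, only the change ID.
             */
            $error_exist = false;

            if ($submit == 'Accept') {
                echo "<p>Executing change...";
                $result = mysql_query("SELECT Query FROM changes WHERE ID='" . $escapedID . "'", $db);
                if (!$result) {
                    echo "</p><p class=\"error-message\">Error: Unable to execute change</p>\n";
                    $error_exist = true;
                } else {
                    while ($row = mysql_fetch_assoc($result)) {
                        /*
                         * The Query column is executed verbatim with this page's database
                         * privileges. That is only acceptable while the column is written
                         * by trusted application code rather than from free text typed by
                         * the suggesting user -- confirm in the code that inserts the rows.
                         */
                        if (substr($row['Query'], 0, 6) != 'DELETE') {
                            if (mysql_query($row['Query'], $db)) {
                                echo "...Done</p>";
                            } else {
                                $error_exist = true;
                                /* Driver error text goes to the server log, not to the page. */
                                error_log('DoctorDoc: change execution failed: ' . mysql_error($db));
                                echo "</p><p class=\"error-message\">Error: Unable to execute change. Please review the required schema of the table or try again.</p>\n";
                            }
                        } else {
                            /*
                             * DELETE changes hold several ';'-separated statements (see
                             * http://www.dev-explorer.com/articles/multiple-mysql-queries):
                             * split on ';' outside quotes and run each statement in turn.
                             */
                            $queries = preg_split("/;+(?=([^'|^\\\']*['|\\\'][^'|^\\\']*['|\\\'])*[^'|^\\\']*[^'|^\\\']$)/", $row['Query']);
                            $deleteFailed = false;
                            foreach ($queries as $query) {
                                if (strlen(trim($query)) == 0) {
                                    continue;
                                }
                                if (!mysql_query($query, $db)) {
                                    $deleteFailed = true;
                                    error_log('DoctorDoc: change execution failed: ' . mysql_error($db));
                                    echo "</p><p class=\"error-message\">Error: Unable to execute change. Please review the required schema of the table or try again.</p>\n";
                                }
                            }
                            if ($deleteFailed) {
                                $error_exist = true;
                            } else {
                                /* Close the "Executing change..." paragraph opened above. */
                                echo "...Done</p>";
                            }
                        }
                    }
                }
            }

            /* Only a fully applied (or ignored) change leaves the pending list. */
            if (!$error_exist) {
                if (!mysql_query("DELETE FROM changes WHERE ID='" . $escapedID . "'", $db)) {
                    echo "<p class=\"error-message\">Error: Unable to remove change from Changes list</p>\n";
                }
            }

        } else if ($submit == 'Compare') {
            /* Show the stored description of the change and let the reviewer decide. */
            $result = mysql_query("SELECT ID,HTMLDescription FROM changes WHERE ID='" . $escapedID . "'", $db);
            if (!$result) {
                echo "<p class=\"error-message\">Error: Unable to get comparison</p>";
            } else {
                $ID = null;
                echo "<table class=\"display\">\n";
                while ($row = mysql_fetch_assoc($result)) {
                    /*
                     * HTMLDescription is emitted unescaped because it is stored markup
                     * (table rows). That is only safe if it is generated by trusted code
                     * and never assembled from user-typed text -- confirm in the writer.
                     */
                    echo $row['HTMLDescription'];
                    $ID = $row['ID'];
                }
                echo "</table>\n";
                if ($ID === null) {
                    /* No row matched: the change may already have been accepted or ignored. */
                    echo "<p class=\"error-message\">Error: Change not found</p>";
                } else {
                    echo "<form action=\"index.php\" method=\"post\">\n";
                    echo "<input type='hidden' name='ID' value='" . htmlspecialchars($ID, ENT_QUOTES, 'UTF-8') . "' />";
                    echo "<p><input type='submit' name='Submit' value='Accept' />
<input type='submit' name='Submit' value='Ignore' />
<input type='submit' name='Submit' value='Cancel' /></p>";
                    echo "</form>\n";
                }
            }
        }

        echo '<p><br />Please see below for a list of changes suggested by users with lower access-levels:</p>';

        $result = mysql_query("SELECT ID,ShortDescription,ChangeDate,Username FROM changes", $db);
        if (!$result) {
            echo "<p class=\"error-message\">Error: Unable to print Change table</p>";
        } else {
            /* Fixed pixel width: 99 plus four 159px columns -- presumably matches the stylesheet; confirm. */
            echo "<div class=\"scrollableContainer\" style=\"width:" . (99 + (159*4)) . "px\">\n";
            echo "<div class=\"scrollingArea\">\n";
            echo "<table class=\"display scrollable\"><thead><tr><th class=\"other-submit\"><div></div></th><th class=\"other-submit\"><div></div></th><th class=\"other-submit\"><div></div></th>\n";
            echo "<th class=\"field\"><div>Name</div></th><th class=\"field\"><div>Date Changed</div></th><th class=\"field\"><div>Action Taken</div></th></tr></thead><tbody>";
            while ($row = mysql_fetch_assoc($result)) {
                $rowID = htmlspecialchars($row['ID'], ENT_QUOTES, 'UTF-8');
                /* Buttons: one small form per row, carrying only the change ID. */
                echo "<tr>";
                echo "<form action='index.php' method='post'>\n";
                echo "<input type=\"hidden\" name=\"ID\" value=\"" . $rowID . "\" />\n";
                echo "<td class=\"other-submit\"><div><input type=\"submit\" value=\"Compare\" name=\"Submit\"></div></td>";
                echo "<td class=\"other-submit\"><div><input type=\"submit\" value=\"Accept\" name=\"Submit\"></div></td>";
                /* The Ignore <input> previously lacked its closing '>' and swallowed the following </div>. */
                echo "<td class=\"other-submit\"><div><input type=\"submit\" value=\"Ignore\" name=\"Submit\"></div></td>\n";
                /* Data: every column came from the database, so escape it for HTML. */
                echo "<td class=\"field\"><div>" . htmlspecialchars($row['Username'], ENT_QUOTES, 'UTF-8') . "</div></td>"
                   . "<td class=\"field\"><div>" . htmlspecialchars($row['ChangeDate'], ENT_QUOTES, 'UTF-8') . "</div></td>"
                   . "<td class=\"field\"><div>" . htmlspecialchars($row['ShortDescription'], ENT_QUOTES, 'UTF-8') . "</div></td>";
                echo "</form>\n";
                echo "</tr>\n";
            }
            echo "</tbody></table></div></div>";
        }
    }

    /* Feature overview; entries depend on the user's access level. Link variables come from the includes above. */
    echo '<h2>Features</h2>';
    echo '<p>Please see below for a description of the different features 
	of DoctorDoc. For more information, please consult the user
	manual.</p>
<ul>';
    echo '<li><a href="' . $homepage_link . '">Home page</a> for information about the features provided';
    if ($accessLevel > 1) {
        echo ' and to review suggested changes to data by lower level-access users';
    }
    echo '</li>';
    if ($accessLevel > 2) {
        echo ' <li><a href="' . $adminAcc_link . '">Administrator</a> to manage other accounts</li>';
    }
    echo '<li><a href="' . $manageAcc_link . '">Account</a> to edit your account details</li>';
    echo ' <li><a href="' . $editData_link . '">Data</a>';
    if ($accessLevel > 1) {
        echo ' to edit data in the data records</li>';
    } else {
        echo ' to suggest changes to the data in the data records (which will have to be confirmed by a higher access-level user)</li>';
    }
    if ($accessLevel > 2) {
        echo '
 <li><a href="' . $editSchema_link . '">Schema</a> to modify the data records by adding tables or deleting records.</li>
 <li><a href="' . $editTemplate_link . '">Templates</a> to edit templates and generate documents</li>
 <li><a href="' . $publishDoc_link . '">Publish</a> to publish generated documents to different locations</li>';
    } else {
        $no_access_msg = "- <strong>You do not have a high enough access-level to use this feature</strong>";
        echo '
 <li><a href="' . $editSchema_link . '">Schema</a> ' . $no_access_msg . '</li>
 <li><a href="' . $editTemplate_link . '">Templates</a> ' . $no_access_msg . '</li>
 <li><a href="' . $publishDoc_link . '">Publish</a> ' . $no_access_msg . '</li>';
    }
    echo '
 <li><a href="transact_user.php?action=Logout">Logout</a> to logout of DoctorDoc; come again soon. :)</li>
</ul>';
}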


include 'footer.inc.php'; /* shared page footer; the matching opening <html>/<body> tags are presumably emitted by header.inc.php -- confirm */
?>
</body>
</html>
